DigesTor: Comparing passive traffic analysis attacks on tor

Katharina Kohls, Christina Poepper

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The Tor anonymity network represents a rewarding target for de-anonymization attacks, in particular by large organizations and governments. Tor is vulnerable to confirmation attacks, in which powerful adversaries compromise user anonymity by correlating transmissions between entry and exit nodes. As the experimental evaluation of such attacks is challenging, a fair comparison of passive traffic analysis techniques is hardly possible. In this work, we provide a first comparative evaluation of confirmation attacks and assess their impact on the real world. For this purpose, we release DigesTor, an analysis framework that delivers a foundation for comparability to support future research in this context. The framework runs a virtual private Tor network to generate traffic for representative scenarios, on which arbitrary attacks can be evaluated. Our results show the effects of recent and novel attack techniques and we demonstrate the capabilities of DigesTor using the example of mixing as a countermeasure against traffic analysis attacks.

Original languageEnglish (US)
Title of host publicationComputer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Proceedings
EditorsJavier Lopez, Jianying Zhou, Miguel Soriano
PublisherSpringer-Verlag
Pages512-530
Number of pages19
ISBN (Print)9783319990729
DOIs
StatePublished - Jan 1 2018
Event23rd European Symposium on Research in Computer Security, ESORICS 2018 - Barcelona, Spain
Duration: Sep 3 2018Sep 7 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11098 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other23rd European Symposium on Research in Computer Security, ESORICS 2018
CountrySpain
CityBarcelona
Period9/3/189/7/18

Fingerprint

Virtual private networks
Traffic Analysis
Attack
Anonymity
Countermeasures
Experimental Evaluation
Traffic
Scenarios
Target
Evaluation
Arbitrary
Vertex of a graph

Keywords

  • Confirmation attack
  • Mixing
  • Tor
  • Traffic analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Kohls, K., & Poepper, C. (2018). DigesTor: Comparing passive traffic analysis attacks on tor. In J. Lopez, J. Zhou, & M. Soriano (Eds.), Computer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Proceedings (pp. 512-530). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11098 LNCS). Springer-Verlag. https://doi.org/10.1007/978-3-319-99073-6_25

DigesTor : Comparing passive traffic analysis attacks on tor. / Kohls, Katharina; Poepper, Christina.

Computer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Proceedings. ed. / Javier Lopez; Jianying Zhou; Miguel Soriano. Springer-Verlag, 2018. p. 512-530 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11098 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Kohls, K & Poepper, C 2018, DigesTor: Comparing passive traffic analysis attacks on tor. in J Lopez, J Zhou & M Soriano (eds), Computer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11098 LNCS, Springer-Verlag, pp. 512-530, 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, 9/3/18. https://doi.org/10.1007/978-3-319-99073-6_25
Kohls K, Poepper C. DigesTor: Comparing passive traffic analysis attacks on tor. In Lopez J, Zhou J, Soriano M, editors, Computer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Proceedings. Springer-Verlag. 2018. p. 512-530. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-99073-6_25
Kohls, Katharina ; Poepper, Christina. / DigesTor : Comparing passive traffic analysis attacks on tor. Computer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Proceedings. editor / Javier Lopez ; Jianying Zhou ; Miguel Soriano. Springer-Verlag, 2018. pp. 512-530 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{92626b0836824e52a230e8f0881c8256,
title = "DigesTor: Comparing passive traffic analysis attacks on tor",
abstract = "The Tor anonymity network represents a rewarding target for de-anonymization attacks, in particular by large organizations and governments. Tor is vulnerable to confirmation attacks, in which powerful adversaries compromise user anonymity by correlating transmissions between entry and exit nodes. As the experimental evaluation of such attacks is challenging, a fair comparison of passive traffic analysis techniques is hardly possible. In this work, we provide a first comparative evaluation of confirmation attacks and assess their impact on the real world. For this purpose, we release DigesTor, an analysis framework that delivers a foundation for comparability to support future research in this context. The framework runs a virtual private Tor network to generate traffic for representative scenarios, on which arbitrary attacks can be evaluated. Our results show the effects of recent and novel attack techniques and we demonstrate the capabilities of DigesTor using the example of mixing as a countermeasure against traffic analysis attacks.",
keywords = "Confirmation attack, Mixing, Tor, Traffic analysis",
author = "Katharina Kohls and Christina Poepper",
year = "2018",
month = "1",
day = "1",
doi = "10.1007/978-3-319-99073-6_25",
language = "English (US)",
isbn = "9783319990729",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer-Verlag",
pages = "512--530",
editor = "Javier Lopez and Jianying Zhou and Miguel Soriano",
booktitle = "Computer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Proceedings",

}

TY - GEN

T1 - DigesTor

T2 - Comparing passive traffic analysis attacks on tor

AU - Kohls, Katharina

AU - Poepper, Christina

PY - 2018/1/1

Y1 - 2018/1/1

N2 - The Tor anonymity network represents a rewarding target for de-anonymization attacks, in particular by large organizations and governments. Tor is vulnerable to confirmation attacks, in which powerful adversaries compromise user anonymity by correlating transmissions between entry and exit nodes. As the experimental evaluation of such attacks is challenging, a fair comparison of passive traffic analysis techniques is hardly possible. In this work, we provide a first comparative evaluation of confirmation attacks and assess their impact on the real world. For this purpose, we release DigesTor, an analysis framework that delivers a foundation for comparability to support future research in this context. The framework runs a virtual private Tor network to generate traffic for representative scenarios, on which arbitrary attacks can be evaluated. Our results show the effects of recent and novel attack techniques and we demonstrate the capabilities of DigesTor using the example of mixing as a countermeasure against traffic analysis attacks.

AB - The Tor anonymity network represents a rewarding target for de-anonymization attacks, in particular by large organizations and governments. Tor is vulnerable to confirmation attacks, in which powerful adversaries compromise user anonymity by correlating transmissions between entry and exit nodes. As the experimental evaluation of such attacks is challenging, a fair comparison of passive traffic analysis techniques is hardly possible. In this work, we provide a first comparative evaluation of confirmation attacks and assess their impact on the real world. For this purpose, we release DigesTor, an analysis framework that delivers a foundation for comparability to support future research in this context. The framework runs a virtual private Tor network to generate traffic for representative scenarios, on which arbitrary attacks can be evaluated. Our results show the effects of recent and novel attack techniques and we demonstrate the capabilities of DigesTor using the example of mixing as a countermeasure against traffic analysis attacks.

KW - Confirmation attack

KW - Mixing

KW - Tor

KW - Traffic analysis

UR - http://www.scopus.com/inward/record.url?scp=85052211371&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85052211371&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-99073-6_25

DO - 10.1007/978-3-319-99073-6_25

M3 - Conference contribution

SN - 9783319990729

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 512

EP - 530

BT - Computer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Proceedings

A2 - Lopez, Javier

A2 - Zhou, Jianying

A2 - Soriano, Miguel

PB - Springer-Verlag

ER -